<!DOCTYPE HTML>
<html lang="en">
<head>
  <meta name="copyright" content=
  "Copyright (c) Red Hat Inc. and others 2022. This page is made available under license. For full details see the LEGAL in the documentation book that contains this page.">
  <meta charset="utf-8">
  <link rel="STYLESHEET" href="../book.css" type="text/css">
  <script language="JavaScript" src="PLUGINS_ROOT/org.eclipse.help/livehelp.js" type="text/javascript"></script>
  <title>Trust</title>
</head>
<body>

<h1 class="Head">Trusting p2 artifact installation</h1>
<p class="Intro">
Installing artifacts is inherently a security risk because it allows those artifacts to execute potentially malicious code.
To mitigate this risk, p2 verifies artifact <b>signatures</b> during installation and selectively prompts for artifact trust.
</p>

<h2>Trust Artifacts Dialog</h2>
<p>
One of the main goals of digital signatures is to match a signer identity to each artifact,
such that trusting an artifact is simply a decision of whether to trust the signer.
</p>

<p>
Often all artifacts have a signature, but the identity of each signer may not be known.
Artifacts signed by an X.509 certificate rooted in the Java runtime's trust store are trusted by default.
Artifacts signed by a PGP public key are trusted only if that key is trusted in the preferences.
Unsigned artifacts are always treated as untrusted;
such an artifact can be tampered with relatively easily, so that the artifact being installed contains different content than expected.
</p>

<p>
In the case of unverified artifact signers or unsigned artifacts, the <em>Trust Artifacts</em> dialog shows the artifacts along with associated certificates and PGP public keys, if any, for the user's review and approval.
The user may choose which signers are trusted, and may even choose to install unsigned content.
If all artifacts are signed by at least one trusted key or certificate, or if unsigned artifacts are permitted, installation continues; otherwise it is aborted.
</p>
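<p>
The X.509 rule described above (a signer certificate rooted in the Java runtime's trust store) can be checked by hand for a single JAR.
The following is an added example, not code from p2 or the Eclipse project; the class name <code>JarSignerCheck</code>, its verdict names, and the choice to skip revocation checking are assumptions of this example.
</p>

```java
import java.io.InputStream;
import java.security.*;
import java.security.cert.*;
import java.util.*;
import java.util.jar.*;
import javax.net.ssl.*;

public class JarSignerCheck { // added example, hypothetical class; not p2 code
    enum Verdict { UNSIGNED, SIGNER_NOT_ROOTED, ROOTED_IN_RUNTIME_TRUST_STORE }

    // CA certificates the running JRE trusts by default (normally its cacerts file).
    static Set<TrustAnchor> runtimeAnchors() throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // null selects the runtime's default trust store
        Set<TrustAnchor> anchors = new HashSet<>();
        for (TrustManager tm : tmf.getTrustManagers())
            if (tm instanceof X509TrustManager)
                for (X509Certificate ca : ((X509TrustManager) tm).getAcceptedIssuers())
                    anchors.add(new TrustAnchor(ca, null));
        return anchors;
    }

    // True if the signer's certificate chain validates against the given anchors.
    static boolean rooted(CodeSigner signer, Set<TrustAnchor> anchors) {
        try {
            PKIXParameters params = new PKIXParameters(anchors);
            params.setRevocationEnabled(false); // assumption: offline check, no CRL/OCSP
            // When the signature is timestamped, judge certificate validity at signing time.
            if (signer.getTimestamp() != null) params.setDate(signer.getTimestamp().getTimestamp());
            CertPathValidator.getInstance("PKIX").validate(signer.getSignerCertPath(), params);
            return true;
        } catch (GeneralSecurityException e) { return false; }
    }

    static Verdict check(String path) throws Exception {
        Set<TrustAnchor> anchors = runtimeAnchors();
        Verdict verdict = Verdict.ROOTED_IN_RUNTIME_TRUST_STORE;
        try (JarFile jar = new JarFile(path, true)) { // true = verify signatures while reading
            for (JarEntry entry : Collections.list(jar.entries())) {
                if (entry.isDirectory() || entry.getName().toUpperCase(Locale.ROOT) // skip signature files
                        .matches("META-INF/(MANIFEST\\.MF|SIG-[^/]*|[^/]+\\.(SF|RSA|DSA|EC))")) continue;
                // Signers are known only after a full read; tampered content throws SecurityException.
                try (InputStream in = jar.getInputStream(entry)) { in.readAllBytes(); }
                CodeSigner[] signers = entry.getCodeSigners();
                if (signers == null) return Verdict.UNSIGNED; // one unsigned entry taints the JAR
                if (Arrays.stream(signers).noneMatch(s -> rooted(s, anchors))) verdict = Verdict.SIGNER_NOT_ROOTED;
            }
        }
        return verdict;
    }
    public static void main(String[] args) throws Exception {
        for (String jar : args) System.out.println(jar + ": " + check(jar));
    }
}
```

<p>
On Java 11 or later this runs directly as <code>java JarSignerCheck.java some.jar</code>, where <code>some.jar</code> stands for the artifact under review.
</p>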

<h2>Trust Preference Page</h2>
<p>
The
<a class="command-link" href='javascript:executeCommand("org.eclipse.ui.window.preferences(preferencePageId=org.eclipse.equinox.internal.p2.ui.sdk.TrustPreferencePage)")'>
  <img src="PLUGINS_ROOT/org.eclipse.help/command_link.svg" alt="command link">
  <strong>Install/Update &gt; Trust</strong>
</a>
preference page's <strong>Artifacts</strong> tab lists all the certificates and PGP public keys that are considered trusted.
It lets you add or remove certificates and keys, or even allow all artifacts to be installed without confirmation.
</p>

<h3 class="related">Related Tasks</h3>
<a href="../tasks/tasks-120.htm">Updating the installation</a><br>
<a href="../tasks/tasks-124.htm">Installing new software</a><br>
<a href="ref-p2-trust-authority.htm">Trusting p2 content installation</a>

<h3 class="related">Related Reference</h3>
<a href="ref-61.htm">Help Menu</a>

</body>
</html>
